Black Hat Software Testing – It’s Not What You Think

Black Hat Software Testing – It’s Not What You Think

When it comes to SEO and network security, the term “black hat” has very negative – often illegal – connotations. But in managerial circles, wearing the Black Hat can be a good thing.

Not just good.

Done correctly, Black Hat thinking can play an invaluable role in business success.

According to Edward de Bono’s 1985 book, Six Thinking Hats, teams should adopt 6 cognitive approaches when tackling new projects. These complementary color-coded Hats ensure that you overcome the most difficult challenges and identify the greatest opportunities.

Although de Bono originally wrote this book for business managers, the underlying tenets apply to many different disciplines – including software testing.

Emotional Red. What is our immediate reaction (i.e. gut feeling) about this project?

Let’s review what the Black Hat is all about – and how it can improve software testing.

Black Hat Software Testing Defined

Black Hat thinking is where most software testers thrive. That’s because this cognitive approach requires a mix of negative thinking, critical judgment, and logical analysis. It’s not that software testers are pessimistic by nature. But we’re trained to figure out why things don’t or won’t work.

Give us a situation, and we’ll find as many holes as possible. This is, after all, what we are paid to do. As gatekeepers of the realm, our job is to apply objective logic and find leaks. This cautious conservatism ensures that the final release of every product is user-friendly and free of bugs.

But it’s not simply negative logic that we’re using. All of our findings and assumptions need to be backed up with facts. Whereas Red Hat cognitive thinking allows you to indulge potential pitfalls on an emotional level, Black Hat analysis requires verifiable data and testable justifications.

Black Hat Software Applications

There are many different ways to apply Black Hat analysis. By definition, almost any methodology can be used to scan for and identify aspects of the product that need improvement.

But below are some general guidelines for Black Hat software testing.

1. During the Actual Testing Process
Use Black Hat thinking to discover how the testing process may be flawed. Potential insights include:

Finding production problems and defects

Identifying parts of the system or application that haven’t been tested

Ensuring that time, money, and other resources are allocated responsibly

Using data collected from the above steps, your team can improve the overall testing process. Black Hat helps you identify problems and inconsistencies in your quality assurance workflow.

2. Different Types of Software Testing
Use Black Hat cognitive thinking to prepare future tests and select the most appropriate methodology:

Do you have sufficient information to begin testing?

Do you know precisely what is different about each version of the product?

Do you have the personnel and resources to run the required tests?

Have there been any changes (internally or externally) about the product that your team isn’t aware of?

3. Replacing Assumptions with Verifiable Facts
Use Black Hat software testing to critically examine any and all assumptions – especially optimistic assumptions. This step is arguably the most important since failure to spot “holes” is what ultimately makes or breaks a product.

Is the product (or system) user-friendly and intuitive?

Does it include the most important features – especially those specifically requested by users?

Does this product have a ready market? And if not – why not?

Many products launch with absolutely zero bugs. And yet they still fail. This is because software testing isn’t simply about finding errors. It’s about delivering solutions that customers desperately want and need to use.

Why Black Hat Software Testing Matters

Edward de Bono cautions against spending too much time on emotional Red Hat thinking. But when it comes to the Black Hat, be prepared to invest as many resources as necessary.

We couldn’t agree more – and here’s why.

Human nature is funny. Our brains are wired to scan for whatever we tell them to scan for. If we look for 3 potential problems, we’ll always find exactly 3 (maybe more). It we look for 10, we’ll find 10.

In other words, it pays to set unrealistically high targets to ensure that you completely cover your bases. Instruct your team to look for 25, 50, or even 100 reasons why a project won’t work.

Assume that everything is assumed – and work backwards until you’re on 100% solid ground.

But note that Black Hat thinking isn’t about solving problems. The goal is simply to identify their existence. At this stage, don’t get mired in debates are arguments. The Black Hat approach allows you to objectively outline all of the negative elements throughout the product cycle.

In the next entry, we’ll look at how de Bono recommends you resolve all of these problems and inconsistencies. We’ll be putting on the Optimistic Yellow Hat.